diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2012-12-12 11:54:36 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-12-12 11:54:36 +0100 |
commit | f55179f734b5c3c48e116e21ebbe15a7c5870c2f (patch) | |
tree | 4a6fdac6cf4b1120cb2a3d86afd63995242123e5 /privileged-main.lua | |
parent | 8860d18aacecb5fd833e7b0b57ee0302af0e3d45 (diff) | |
download | privsep-f55179f734b5c3c48e116e21ebbe15a7c5870c2f.tar.bz2 privsep-f55179f734b5c3c48e116e21ebbe15a7c5870c2f.tar.xz |
rename privsep-main to privileged-main
Diffstat (limited to 'privileged-main.lua')
-rw-r--r-- | privileged-main.lua | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/privileged-main.lua b/privileged-main.lua new file mode 100644 index 0000000..8fe447c --- /dev/null +++ b/privileged-main.lua @@ -0,0 +1,50 @@ +modname = ... + +if not modname then + modname = "session" +end + +json = require("json") + + +function ret_error(errmsg) + io.write(json.encode({false, errmsg, nil}).."\n") + os.exit(0) +end + +function ret_success(result) + io.write(json.encode({true, "success", result}).."\n") +end + +-- path must be absolute for production so users cannot load scripts from +-- non secured dirs +modules_path = "./modules/" + +if not modname then + return 1 +end + +-- make sure we dont have any path elements in modname so we cannot pass +-- modnames like '../myevilmod' +mfile = modules_path..string.gsub(modname, ".*/", "")..".lua" + +-- load the module +m = dofile(mfile) + +-- read args from stdin +request = json.decode(io.read("*a")) +funcname, sessionid, args = unpack(request) + +--ret_error(funcname) +-- check that the func we want exists +if type(m[funcname]) ~= "function" then + ret_error(funcname..": not a function") +end + +-- TODO: check permissions here + +-- execute the func and pack the return values into a table +result = { m[funcname](unpack(args)) } + +ret_success(result) + |